US-9686285

Securely transmitting authentication information

Published: June 20, 2017
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have
Technical Abstract

A device receives a request from a terminal device to start a session to authenticate a person associated with an account. The device creates the session. The session is associated with the terminal device. The device receives session information and authentication information from a user device operated by the person. The device determines the session based on the session information and generates an authentication message based on the authentication information. The device transmits the authentication message to the terminal device associated with the session to authenticate that the person is associated with the account.

Patent Claims
20 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A device, comprising: one or more processors to: receive a request from a terminal device to start a session to authenticate a person, the person being associated with an account; create the session, the session being associated with the terminal device; generate, based on creating the session, a session identifier; associate the session identifier with the session, the session identifier uniquely identifying the session; associate a store code with the session; transmit the session identifier and the store code to the terminal device, transmitting the session identifier and the store code to the terminal device causing the session identifier and the store code to be provided for display on the terminal device; receive session information and authentication information from a user device operated by the person, the session information including the session identifier and the store code, and the session identifier and the store code being received as input to the user device; determine the session based on the session information; generate an authentication message based on the authentication information; and transmit the authentication message to the terminal device associated with the session to authenticate that the person is associated with the account.

Plain English Translation

A device handles secure authentication. It receives a request from a terminal (like a store kiosk) to start an authentication session for a person and their account. The device creates a session, associates it with the terminal, and generates a unique session ID and a store code. These are sent to the terminal for display. The person uses their user device (like a phone) to input the session ID and store code. The device receives this session information and authentication information (like a fingerprint). Based on the session information, the device identifies the correct session, generates an authentication message from the provided authentication information, and sends it back to the terminal to authenticate the person's account.

Claim 2

Original Legal Text

2. The device of claim 1, where the one or more processors are further to: associate a location identifier with the session, the location identifier identifying a location of the terminal device, the session information received from the user device including the location identifier; and where the one or more processors, when determining the session, are to: determine the session based on the location identifier included in the session information.

Plain English Translation

In addition to the previous authentication description, the device associates a location identifier (identifying the terminal's location) with the session. The user device also provides this location identifier as part of the session information. When determining the session, the device uses this location identifier received from the user device to match it to the location identifier associated with the session. This ensures the user is authenticating at the correct terminal location.

Claim 3

Original Legal Text

3. The device of claim 1, where the one or more processors are further to: associate a location identifier with the session, the location identifier identifying a business where the terminal device is located, and the session information received from the user device including location information, the location information indicating a location of the user device, and the location identifier being determined based on the location information; and where the one or more processors, when determining the session, are to: determine the session based on the location identifier.

Plain English Translation

In addition to the initial authentication setup, a location identifier representing the business location is associated with the session. The user device sends location information, and the device uses this information to determine the location identifier. The device then matches the location identifier with the session, ensuring the user device is at the same business as the terminal before authenticating.

Claim 4

Original Legal Text

4. The device of claim 1, where the one or more processors are further to: associate a location identifier with the session, the location identifier identifying a location at which a plurality of terminal devices are located, the plurality of terminal devices including the terminal device; and where the one or more processors, when determining the session, are to: determine the session based on the location identifier.

Plain English Translation

Building on the basic authentication, the device associates a location identifier representing a location with multiple terminals (including the current terminal) to the session. When determining the session, the system uses the location identifier to confirm the user device is within the allowed location with multiple terminal devices.

Claim 5

Original Legal Text

5. The device of claim 4, where each of the session identifier and the location identifier are fewer than five characters.

Plain English Translation

As an extension of the location-based authentication from the previous description, both the session identifier and the location identifier are designed to be short, using fewer than five characters each.

Claim 6

Original Legal Text

6. The device of claim 1, where the one or more processors are further to: terminate the session based on at least one of: receiving a first request from the terminal device requesting that the session be terminated, or receiving a second request from the terminal device requesting that a new session be started.

Plain English Translation

In addition to the core authentication process, the device includes a session termination feature. The session is terminated either when the terminal sends a request to terminate it, or when the terminal sends a request to start a completely new session, invalidating the prior one.

Claim 7

Original Legal Text

7. A non-transitory computer-readable medium storing instructions, the instructions comprising: a plurality of instructions that, when executed by a processor of a device, cause the processor to: receive a request from a terminal device to establish a session for receiving an authentication message; establish the session, the session being associated with the terminal device; generate, based on establishing the session, a session identifier; associate the session identifier with the session, the session identifier uniquely identifying the session; associate store information with the session; transmit the session identifier and the store information to the terminal device, transmitting the session identifier and the store information to the terminal device causing the session identifier and the store information to be provided for display on the terminal device; receive session information and authentication information from a user device operated by a person, the session information including the session identifier and the store information, and the session identifier and the store information being received as input to the user device; determine the session associated with the terminal device based on the session information; generate the authentication message based on the authentication information; and provide the authentication message to the terminal device associated with the session to authenticate the person.

Plain English Translation

A non-transitory computer-readable medium (like a hard drive or flash drive) stores instructions that, when executed, enable secure authentication. The instructions cause the device to receive a request from a terminal to start a session for receiving an authentication message. It establishes the session, associates it with the terminal, and generates a unique session ID and store information. These are transmitted to the terminal for display. The user device sends session information (including the session ID and store information) and authentication data. The instructions enable the device to identify the session based on the received session information, generate an authentication message based on the authentication data, and send it to the terminal to authenticate the user.

Claim 8

Original Legal Text

8. The non-transitory computer-readable medium of claim 7, where the store information indicates information about at least one of a plurality of terminal devices at the store or a plurality of store representatives, the plurality of terminal devices including the terminal device.

Plain English Translation

Building upon the previous computer-readable medium description, the store information that is sent to the terminal provides details about the terminal itself, other terminals at the same store, or store representatives operating the terminal.

Claim 9

Original Legal Text

9. The non-transitory computer-readable medium of claim 7, where the store information causes the user device to display a virtual representation of the store that permits the person to select the terminal device.

Plain English Translation

Expanding on the computer-readable medium functions, the store information sent to the user device triggers the display of a virtual store representation. This virtual representation allows the user to visually select the specific terminal they're interacting with.

Claim 10

Original Legal Text

10. The non-transitory computer-readable medium of claim 7, where the plurality of instructions further cause the processor to: transmit a request to the user device to select a business; receive a response indicating a selected business; provide business information to the user device about the selected business; and where the plurality of instructions, that cause the processor to receive the session information, cause the processor to: receive the session information from the user device based on providing the business information to the user device about the selected business, the session information including information included in the business information.

Plain English Translation

The computer-readable medium's instructions are extended to request the user device to select a specific business. Upon receiving the user's selection, business-related information is provided to the user device. The session information is subsequently received from the user device, and this information is based on the business information previously provided, therefore containing data included in the business information.

Claim 11

Original Legal Text

11. The non-transitory computer-readable medium of claim 7, where the plurality of instructions further cause the processor to: receive location information from the user device indicating a location of the user device; determine a business associated with the location; provide business information for the business to the user device; and where the plurality of instructions, that cause the processor to receive the session information, cause the processor to: receive the session information from the user device after providing the business information for the business to the user device, the session information including information included in the business information.

Plain English Translation

Further extending the computer-readable medium, the device receives location information from the user device. Based on this location, it determines the associated business and sends business information to the user device. The subsequent session information received from the user device is based on the provided business information, including details contained within it.

Claim 12

Original Legal Text

12. The non-transitory computer-readable medium of claim 7, where the plurality of instructions further cause the processor to: associate a terminal device identifier with the session, the terminal device identifier identifying at least one of the terminal device or a business representative operating the terminal device, and the session information received from the user device identifying at least one of the terminal device or the business representative; determine the terminal device identifier based on the session information; and where the processor, when determining the session, is to: determine the session based on the terminal device identifier.

Plain English Translation

Expanding on the computer-readable medium, a terminal device identifier (identifying either the terminal itself or the representative operating it) is associated with the session. The session information received from the user device must also identify either the terminal or the representative. The device uses the session information to determine the terminal device identifier and uses this identifier to determine the session.

Claim 13

Original Legal Text

13. The non-transitory computer-readable medium of claim 7, where the plurality of instructions further cause the processor to: terminate the session based on at least one of: receiving a first request from the terminal device requesting that the session be terminated, or receiving a second request from the terminal device requesting that a new session be started.

Plain English Translation

Extending the computer-readable medium instructions, the session is terminated either when the terminal sends a termination request or when the terminal requests to start a new session, superseding the current one.

Claim 14

Original Legal Text

14. A method comprising: receiving, by a device, a request from a terminal device to start a session to authenticate an account; creating, by the device, the session, the session being associated with the terminal device; generating, by the device and based on creating the session, a session identifier; associating, by the device, the session identifier with the session, the session identifier uniquely identifying the session; associating, by the device, a store code with the session; transmitting, by the device, the session identifier and the store code to the terminal device, transmitting the session identifier and the store code to the terminal device causing the session identifier and the store code to be provided for display on the terminal device; receiving, by the device, session information and authentication information from a user device, the session information including the session identifier and the store code, and the session identifier and the store code being received as input to the user device; determining, by the device, the session associated with the terminal device based on the session information received from the user device; creating, by the device, an authentication message based on the authentication information; and providing, by the device, the authentication message to the terminal device associated with the session to authenticate the account.

Plain English Translation

A method for secure authentication: A device receives a request from a terminal to start a session to authenticate an account. The device creates the session and associates it with the terminal. The device generates a unique session identifier and a store code and sends them to the terminal for display. The device receives session information (including the session ID and store code) and authentication information from a user device. The device determines the session associated with the terminal based on the session information. Finally, the device creates an authentication message based on the authentication information and sends it to the terminal to authenticate the account.

Claim 15

Original Legal Text

15. The method of claim 14, further comprising: terminating the session based on at least one of: receiving a first request from the terminal device requesting that the session be terminated, or receiving a second request from the terminal device requesting that a new session be started.

Plain English Translation

Expanding on the core method, the session can be terminated in one of two ways: either by receiving a termination request from the terminal or by receiving a request from the terminal to start a completely new session.

Claim 16

Original Legal Text

16. The method of claim 14, further comprising: terminating the session based on at least one of: receiving a request from the user device requesting that the session be terminated or receiving location information from the user device indicating that the user device is outside of a location where the terminal device is located.

Plain English Translation

Building on the method, the session is terminated either by receiving a termination request from the user device, or if the location data from the user device indicates it's no longer near the terminal's location.

Claim 17

Original Legal Text

17. The method of claim 14, further comprising: determining the session is active; and where providing the authentication message to the terminal device comprises: providing the authentication message to the terminal device based on the session being active.

Plain English Translation

The method includes determining whether the session is currently active. The authentication message is only sent to the terminal if the session is confirmed to be active.

Claim 18

Original Legal Text

18. The method of claim 14, where the authentication message includes the authentication information.

Plain English Translation

The authentication message that is sent to the terminal includes the actual authentication information received from the user device.

Claim 19

Original Legal Text

19. The method of claim 14, further comprising: receiving account information identifying the account from at least one of the terminal device or the user device.

Plain English Translation

The method also involves receiving account information (identifying the account being authenticated) from either the terminal or the user device.

Claim 20

Original Legal Text

20. The method of claim 19, further comprising: determining an authentication result indicating whether the authentication information received from the user device matches account authentication information for the account, the authentication message including the authentication result.

Plain English Translation

As an addition to the method, after receiving authentication information from the user device, the device compares it against stored authentication information for the account and determines an authentication result (success or failure). This authentication result is then included in the authentication message that is sent to the terminal.
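
The session flow of claims 1 and 14, together with the limits in claims 5, 6, 17 and 20, as an added Python example; it is not code from the patent or from Patentable. SessionBroker, its method names, the in-memory tables, the terminal supplying the account (one of the options in claim 19) and the sample values in the test are assumptions made for illustration.

```python
import hmac
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits
ID_LEN = 4  # claim 5: identifiers of fewer than five characters


class SessionBroker:
    """Hypothetical broker in the role of the claimed 'device'."""

    def __init__(self, account_secrets):
        self.account_secrets = account_secrets  # account -> enrolled secret (constructed)
        self.sessions = {}     # (store_code, session_id) -> session record
        self.by_terminal = {}  # terminal_id -> key of its current session
        self.outbox = {}       # terminal_id -> authentication messages delivered

    def start_session(self, terminal_id, store_code, account):
        # Claim 6: a new-session request from the terminal ends the prior session.
        self.terminate(terminal_id)
        while True:
            session_id = "".join(secrets.choice(ALPHABET) for _ in range(ID_LEN))
            key = (store_code, session_id)
            if key not in self.sessions:  # the identifier must uniquely identify the session
                break
        self.sessions[key] = {"terminal": terminal_id, "account": account, "active": True}
        self.by_terminal[terminal_id] = key
        return session_id, store_code  # both values are displayed on the terminal

    def terminate(self, terminal_id):
        # Claim 6: explicit termination request from the terminal.
        key = self.by_terminal.pop(terminal_id, None)
        if key is not None:
            self.sessions[key]["active"] = False

    def submit(self, session_id, store_code, auth_info):
        """Called by the user device with the values the person typed in."""
        session = self.sessions.get((store_code, session_id))
        # Claim 17: only an active session may receive an authentication message.
        if session is None or not session["active"]:
            return None
        expected = self.account_secrets.get(session["account"])
        # Claim 20: compare against the account's stored authentication information.
        # compare_digest avoids leaking the match position through timing.
        ok = expected is not None and hmac.compare_digest(
            auth_info.encode(), expected.encode()
        )
        message = {"account": session["account"], "authenticated": ok}
        # The message goes to the terminal bound to the session, never to a
        # terminal named by the user device.
        self.outbox.setdefault(session["terminal"], []).append(message)
        return message
```

The session is located by the pair (store code, session identifier) and the message is routed by the terminal stored in the session record, so a user device cannot redirect a result to a terminal that did not open the session.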

Patent Metadata

Filing Date

March 24, 2014

Publication Date

June 20, 2017

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Securely transmitting authentication information” (US-9686285). https://patentable.app/patents/US-9686285
